Vol. 11, #28 - Jul 10, 2006 - Issue #584
Why Upgrading To Longhorn Is A Really Good Idea
- EDITORS CORNER
- The Depressing State Of Computer Security
- A Day In The Life Of Sunbelt...
- Quote of the Week
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Agnitum Analyzes Microsoft OneCare
- Step-by-Step Guide: Running IE On A Virtual Machine
- Terminal Services Tip: Issues Dealing With Remote Desktop
- Step-by-Step Guide: Exchange Server Capacity Planning With Performance Monitor
- Virtualization On Multi-core And Multi-processor Systems
- Licensing VMs: Industry Tackles Tough Questions
- Setting Up Workstations With Remote Installation Services
- WINDOWS SERVER NEWS
- Why Upgrading To Longhorn Is A Really Good Idea
- Microsoft Time Travel
- Microsoft To Integrate OpenDocument for Office
- Intel Invests $600 Mil in WiMAX Provider
- Microsoft To Post 7 Security Bulletins Next Week
- WINDOWS SERVER THIRD PARTY NEWS
- Run SBS And Need Affordable Antivirus For Exchange?
- Kerio Firewall Wins ComputerShopper 'Best Budget Buy'
- Shavlik Plugs Gap Left By Discontinued MBSA
- WServerNews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - PRODUCT OF THE WEEK
- Your Desktop On Your Keychain
Why Switch From Your Old Exchange AV To Sunbelt Messaging Ninja?
- Dual industrial-strength AV engines for your Exchange server
- Powerful, third-generation, all-in-one messaging security
with a central management console and optimized performance
- Significantly lower total cost of ownership
- Highly Responsive 24/7 US-based Technical Support
- A state-of-the-art Attachment Filter for FREE
Click now to get started today with Ninja's SMART attachment filter!
The Depressing State Of Computer Security
Perhaps you know Roger Grimes. He's an InfoWorld Test Center
Contributing Editor, Writes for WinITPro Mag, and is a Foundstone
Ultimate Hacking instructor/consultant teaching Windows, Linux,
Unix, and Solaris security.
His column this week was as depressing as it was interesting. He
puts all his 10 fingers smack in the middle of many sore spots.
It was revealing and entertaining to read his admittedly gloomy
perspective on security, but he did say that next week's column
will point to some solutions. In the mean time, read this and
get yourself trained as an IT security specialist. There will
be a lot of work for years to come ! [grin]
A Day In The Life Of Sunbelt...
Last Wednesday, we had an electrical arc on a power pole close to
our building, causing extreme fluctuations and taking our power
down. The AC was off, and it was a wee bit warm in here. But thanks
to generators, most of us were still working. Here are the pics:
Quote of the Week
Two Quotes of the Week, both by Benjamin Franklin:
"There is no such thing as a good war and there is no such thing
as a bad peace."
"He that would live in peace and at ease must not speak all he
knows or all he sees."
Agnitum Analyzes Microsoft OneCare
Alex's blog featured this item. It gives you a first look at Redmond's
consumer OneCare product. He starts off like this: "Agnitum, a company
which makes an outstanding competitor to my Kerio firewall, has
analyzed the OneCare firewall and concluded the following:
Although the program is very intuitive, nice to look at, and easy to
use - which is good for the program's target audience of inexperienced
users - its functionality is a big let-down and does not serve that
inexperienced user audience well. It reminds us of those a colorful
and feature-rich Graphical User Interfaces (GUI) with nothing behind
them that you sometimes see at exhibitions, because the vendors
couldn't't finish the whole program in time. Microsoft OneCare needs
a serious overhaul before it can be considered anything more than
just a fancy interface with no real security under the hood. More:
Step-by-Step Guide: Running IE On A Virtual Machine
Over the last several years, it has been open season against
Internet Explorer (IE). The Web is littered with malicious Web
pages. These pages can install browser hijackers, keystroke
loggers, viruses, adware, or just about anything else that you
can think of on IE. One possible solution to the problem is to
run Internet Explorer inside of a virtual machine. Learn more
in this guide at SearchWindowsSecurity:
Terminal Services Tip: Issues Dealing With Remote Desktop
Access a collection of Christa Anderson's expert responses to reader
questions regarding Remote Desktop at SearchWinIT.com:
Step-by-Step Guide: Exchange Server Capacity Planning With Performance Monitor
Long-term capacity planning requires you to take a few minutes
out of your day once a week to crunch a few numbers. But the results
are priceless, because they allow you to see the big picture of how
your Exchange servers are consuming resources. In this guide, learn
how to use the Performance Monitor tool for Exchange Server long-term
capacity planning and trend analysis, and how to analyze the results
to forecast the potential for future growth-related performance
issues and outages. At SearchExchange:
Virtualization On Multi-core And Multi-processor Systems
The more CPUs you have available in a computer that runs virtualized
machines, the more processing power you can share among the virtual
computers. But the presence of multi-core CPUs complicates the
picture a little bit. This article offers some guidelines for using
virtualization with multi-core systems at SeachServerVirtualization:
Licensing VMs: Industry Tackles Tough Questions
How to license virtual machines is still a big question. Industry
vendors and analysts are trying to answer it quickly to cut IT costs.
Interesting article from a budget perspective:
Setting Up Workstations With Remote Installation Services
In larger companies, there are two popular options for streamlining
the task of manually setting up workstations: disk imaging and MS's
Remote Installation Services (RIS). This could save you a lot of time:
||WINDOWS SERVER NEWS
Why Upgrading To Longhorn Is A Really Good Idea
Over the long 4th of July weekend, except for celebrating my birthday,
I had some time to look at Longhorn and came to the conclusion that
it will be a real bonus for any system admin to migrate up as soon
as you possibly can. Just like upgrading from W2K to W2K3 was fairly
smooth and popular, I think you are going to want to move to Longhorn
just as fast when you understand all the pros. Redmond has really
listened and this new version is awesome.
I expect the beast to be called Windows Server 2007, so that means
I'm going to abbreviate to W2K7 after it arrives. Longhorn rolls up
a tremendous amount of features, which mainly focus on consolidating
and simplifying your admin and deployment. Longhorn beta 2 comes in
both 32- and 64-bit editions, supports quad-core CPUs from both Intel
and AMD, and also comes as "Longhorn Server Core Edition". This puppy
is stripped down and Redmond's 'headless' answer to Linux. You can
create a nice simple server with it, for stuff like DNS, DHCP or
file/print, easily integrated with your centralized management.
The beast also comes with a mini-AD just for apps, which I hope will
allow us to get completely rid of INI files and registry troubles.
More over, AD will be restartable without having to reboot. Yessss.
Another thing I like a lot is the fact that Terminal Services are
now able to run a remotely hosted app, without first installing it,
in a window that for your end-user looks exactly the same as a
local app, wOOt!!
Longhorn also talks to its clients with the use of both cached and
transactional technology. This makes its reliance on the network a
bit less which is always welcome, despite current networks' higher
reliability. A good example is Longhorn's Transactional File System
which allows you to implement 'roll back' features to certain apps.
The new Longhorn deployment services do away with the need for
ghosted images. Goodbye Norton Ghost. You can take either a client
or a server and boot these puppies straight from the network, plus
configure them and load them from your own desk. Awesome. More over,
Redmond finally stuck all the system admin and monitoring tools
where they should have been to begin with, in the MMC.
Longhorn also comes with NAP. This is a quite useful technology
that allows you to set security policies about network access.
Systems that do not comply are not allowed to join your network.
Think stuff like updated patches, antivirus activated, correct
service packs and the like. NAP can stick non compliant users in
quarantine with limited network access. I like! Microsoft is not
going to have to promote hard for adoption like they had to with
Exchange V5.5. You are going to want this puppy right away.
I know that a lot of you are not going to be running to upgrade
all your workstations to Vista. But after you have done so, in
a few years, there is one feature that is very useful: Vista Group
Policy. Longhorn Server will have about 2,500 registry settings.
Compare that to Windows NT 4.0 with only 79 settings (!) Group
Policy is being beefed up, more granular and it will help you tame
the monster and serve up completely new capabilities to users.
Security has been beefed up at all corners. It starts with the
initial deployment lockdown, continues through the 'server role'
steps, and now uses Unix-like user management that can dictate
permissions for a large amount of user functions using the Group
Policy Manager with the User Account Control at the Vista side.
The Group Policy Management Console (GPMC) tool will be natively
included in in Vista and Longhorn Server, and will have an improved
ADM syntax, now called ADMX, an XML-based format for creating custom
ADM files. Smaller and faster. Also recommended.
But wait, there's more! Redmond has redesigned the TCP/IP stack
from the ground up, and it now includes support for IPv6 and lots
of APIs for smarter network packet management that may lead to
later 'quality of service' capabilities. Things like protecting
high-def voice and video packets are becoming possible.
Last but not least, the BitLocker drive encryption allows you to
lock a disk drive to the system board in a computer. That prevents
a disk from being mounted in another system to steal the data, but
also prevents access to the data without proper credentials. And
that will make it a lot more difficult booting the drive via another
OS or by the use of a Windows hacking tool. Longhorn is a slam-dunk,
must-have upgrade for any one of you.
Microsoft Time Travel
Tony Gore in the UK sent me this Thursday July 6, 2006. "Just checked
my WSUS (on SBS) today to see if there are any patches needed -
although Microsoft normally release only on "Patch Tuesday" once per
month, recently they have taken to releasing all the time. The June
patch for Exchange was re-released i.e. updated two or three times
last month - so many times I lost count.
"Today WSUS shows Office XP SP3 ready for download on 11/7/2006 (11
Jul 2006 - sorry I am in the UK and our dates are listed differently)
and what is more, it has started downloading along with some other
patches - looks to be around the 400M size.
"I haven't seen any announcement of it yet, and if it is not yet
reached its release date, why should it download? Does WSUS download
earlier than this, but not install until the release date? I can see
some advantage in this when a patch is large - allowing it to be
downloaded before the update server gets swamped from requests from
non-corporate users." Tony, we did some research, and here is the
Microsoft release page:
Microsoft To Integrate OpenDocument for Office
Acknowledging the OpenDocument Format's (ODF) increased pressure,
Redmond announced today that it will support an open-source project
to create plug-ins allowing Office users to open and save files
in ODF. Like a lot of open source apps, the code will be hosted
on the Sourceforge.net site. Tom Robertson, general manager for
standards and interoperability for Microsoft said that the goal
is a free plug-in that allows Office to natively save files in ODF,
and 2-way convert files in Office 2007's OpenXML format to ODF.
Expect the Word plug-in by December, and similar plug-ins for Excel
and PowerPoint later next year. Here is the MS-announcement:
Intel Invests $600 Mil in WiMAX Provider
Here's one of my 2004 Crystal Ball predictions coming true! Intel
is investing $600 million in WiMAX pioneer Clearwire Corp. It is
part of a $900 million investment that will likely make adoption
of WiMAX a "fait accompli". Motorola said it will also contribute
part of the extra $300 million going to Clearwire.
Clearwire is selling wireless Internet access in 26 metro markets
in the U.S., Ireland, Belgium, Denmark and Mexico. Their service is
still based on a precursor to WiMAX but they said they will convert
to WiMAX, which delivers service at ranges of one to 10 miles,
compared with around 150 feet for Wi-Fi. For the prediction:
Microsoft To Post 7 Security Bulletins Next Week
Microsoft will post seven security bulletins next Tuesday, including
four bulletins for Windows and three bulletins for Microsoft Office,
the company said Thursday. At least one Windows bulletin and one
Office bulletin will address a critical security issue.
||WINDOWS SERVER THIRD PARTY NEWS
Run SBS And Need Affordable Antivirus For Exchange?
There are LOTs of you out there that run Small Business Server (SBS)
with 5, or 10 mailboxes. Consultants set these SBS systems up all
the time. Doctors, small law offices, Dentists, you name it. But then
the costs come in. Compared to the big AV boys, the Sunbelt Messaging
Ninja prices are a no-brainer.
Ninja however, can be purchased online with immediate delivery of 30
day full-function code and (after a fraud check) permanent keys sent
same- or next business day. This is an awesome solution for SBS. Ninja
now runs on over 1,600 production servers! Ninja with your subscription
for anti-spam and anti-virus (1 year each) and free powerful attachment-
filtering for 10 mailboxes is only 299 bucks. Here is the link to the
cart, and you can change the amount of mailboxes and recalculate to
see how much it would cost for your own small office.
Kerio Firewall Wins ComputerShopper 'Best Budget Buy'
The review starts off with: "Kerio Personal Firewall was recently bought
by Sunbelt, which promptly halved the price. We haven't reviewed this
standalone firewall before, so we were intrigued to see how it would
stand up to the established competition. It turns out that this is a
seriously good personal firewall for the money. Not only does it make
a decent effort of deflecting unwanted traffic, it does so without
scaring the user. When it detects an incoming port scan, for example,
it doesn't pop up useless alerts. Instead it registers the attack on
a counter so you can see how many hackers have included you in their
random scanning. For the full review, check this link:
Get the Kerio firewall here:
Shavlik Plugs Gap Left By Discontinued MBSA
Shavlik Technologies on Wednesday released a trio of tools to fill the
gaps that will be left when Microsoft drops support later this year for
its older security scanning tools. NetworkWorld has the story:
||WServerNews 'FAVE' LINKS
This Week's Links We Like. Tips, Hints And Fun Stuff.
||WServerNews - PRODUCT OF THE WEEK
Your Desktop On Your Keychain
No, you cannot get this yet from Microsoft, but I think this is a
cool concept. Here is the Microsoft Research site where they explain
how it would work. I think I read something about a third party
company doing something like this already. Let me know if you have
seen it somewhere? I'll write about it in the next issue!